AssociateResourceSharePermission - AWS RAM

AssociateResourceSharePermission

Adds or replaces the AWS RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new AWS RAM permission only if there are currently no resources of that resource type currently in the resource share.

Request Syntax

POST /associateresourcesharepermission HTTP/1.1 Content-type: application/json { "clientToken": "string", "permissionArn": "string", "permissionVersion": number, "replace": boolean, "resourceShareArn": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

permissionArn

Specifies the Amazon Resource Name (ARN) of the AWS RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the AWS RAM console and then choose the name of the permission. The ARN is displayed on the detail page.

Type: String

Required: Yes

resourceShareArn

Specifies the Amazon Resource Name (ARN) of the resource share to which you want to add or replace permissions.

Type: String

Required: Yes

clientToken

Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then AWS generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

Type: String

Required: No

permissionVersion

Specifies the version of the AWS RAM permission to associate with the resource share. You can specify only the version that is currently set as the default version for the permission. If you also set the replace pararameter to true, then this operation updates an outdated version of the permission to the current default version.

Note

You don't need to specify this parameter because the default behavior is to use the version that is currently set as the default version for the permission. This parameter is supported for backwards compatibility.

Type: Integer

Required: No

replace

Specifies whether the specified permission should replace the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to a resource share that currently doesn't have a permission. The default value is false.

Note

A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.

Type: Boolean

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "clientToken": "string", "returnValue": boolean }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

clientToken

The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.

Type: String

returnValue

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidClientTokenException

The operation failed because the specified client token isn't valid.

HTTP Status Code: 400

InvalidParameterException

The operation failed because a parameter you specified isn't valid.

HTTP Status Code: 400

MalformedArnException

The operation failed because the specified Amazon Resource Name (ARN) has a format that isn't valid.

HTTP Status Code: 400

OperationNotPermittedException

The operation failed because the requested operation isn't permitted.

HTTP Status Code: 400

ServerInternalException

The operation failed because the service could not respond to the request due to an internal problem. Try again later.

HTTP Status Code: 500

ServiceUnavailableException

The operation failed because the service isn't available. Try again later.

HTTP Status Code: 503

UnknownResourceException

The operation failed because a specified resource couldn't be found.

HTTP Status Code: 400

Examples

Note

The examples show the JSON payloads of the request and response pretty printed with white spaces and line breaks for ease for ease of reading.

Example

The following example command replaces the permission for the relevant resource type in the specified resource share. You don't need to specify the resource type, it is automatically inferred from the specified permission.

Sample Request

POST /associateresourcesharepermission HTTP/1.1 X-Amz-Date: 20210924T194101Z Accept-Encoding: identity User-Agent: <UserAgentString> Content-Length: <PayloadSizeBytes> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>> { "resourceShareArn": "arn:aws:ram:us-east-1:999999999999:resource-share/27d09b4b-5e12-41d1-a4f2-19dedEXAMPLE", "permissionArn": "arn:aws:ram::aws:permission/AWSRAMPermissionGlueDatabaseReadWrite", "replace": true }

Sample Response

HTTP/1.1 200 OK Date: Fri, 24 Sep 2021 19:41:02 GMT Content-Type: application/json Content-Length: <PayloadSizeBytes> { "returnValue":true }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: